VMware vSphere

  • 1.  remote access restriction to single virtual machine (guest)

    Posted Sep 29, 2009 03:44 PM

    I have been thinking about this but do not have any solid ideas of how to accomplish this.

    I want to set up a Win2003 as a guest on ESXi. I then want to grant RDP access to this guest and ONLY this guest from users outside the physical facility where the ESXi server resides. Those remote users would be coming in over a broadband connection of some flavor (likely cable or T1) through a router (Netopia 4686XL).

    The only ways I can think of restricting users to a single box would be to give that box an IP address on a different network than the one running locally. However, we have the issue of outside connectivity coming in through a router which has a LOCAL address on the LOCAL network, as it must to make things functional.

    I want to share the apps on this Windows 2003 box, but do not ever want these travelers to see anything else. Any thoughts on how to do this?



  • 2.  RE: remote access restriction to single virtual machine (guest)

    Posted Sep 29, 2009 04:03 PM

    Do you not want the users to see the ESXi host or to see other Virtual Machines (Guests)?

    If you don't want them to see the ESXi host then you will configure the 1-2 NICs to be on a management network and then configure 1-2 dedicated NICs (different NICs than the ones previously mentioned) for Local LAN traffic on your normal subnet.

    This is done through the use of vSwitches in ESXi.

    Very simple example.

    vSwitch0: Management Network
    192.168.1.x
    255.255.255.0

    vSwitch1: LAN traffic
    192.168.2.x
    255.255.255.0



  • 3.  RE: remote access restriction to single virtual machine (guest)

    Posted Sep 29, 2009 04:11 PM

    You can add a second vSwitch with NO pNICs. Install a firewall/router appliance connecting the new vSwitch to the original vSwitch. You can now create the new server on the new vSwitch. You can do whatever you need to do on the virtual firewall/router to connect the remote folks (port forwarding, VPN, etc.). You can add whatever you need on the router to grant access to the new server to your local network.



  • 4.  RE: remote access restriction to single virtual machine (guest)

    Posted Sep 29, 2009 05:38 PM

    If they're coming in through a router, then only allow external access to that IP via ACLs.

    -KjB

    VMware vExpert

    Don't forget to leave points for helpful/correct posts.
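
One way to check the router ACL approach suggested in this thread, as an added example that is not part of any poster's reply: a first-match ACL model swept across the LAN to confirm that only TCP 3389 on the one guest is reachable from outside. The guest address 192.168.2.50, the probe port list and the rule format are assumptions made for illustration; the Netopia's own ACL syntax is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp" or "any"
    dst: str               # destination in CIDR form
    port: Optional[int]    # destination port; None matches any port

def decide(rules, proto, dst_ip, port):
    """First matching rule wins; anything unmatched is denied."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.proto in ("any", proto)
                and ip in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def exposure(rules, lan, ports, protos=("tcp", "udp")):
    """Sweep every LAN host and probe port; return what the ACL lets in."""
    hits = set()
    for host in ipaddress.ip_network(lan).hosts():
        for proto in protos:
            for port in ports:
                if decide(rules, proto, str(host), port) == "permit":
                    hits.add((str(host), proto, port))
    return hits

# Constructed values: subnet borrowed from the thread's example, guest address invented.
LAN = "192.168.2.0/24"
GUEST = "192.168.2.50"
PROBE_PORTS = (22, 80, 135, 443, 445, 902, 3389)

TIGHT = [Rule("permit", "tcp", GUEST + "/32", 3389),
         Rule("deny", "any", LAN, None)]
# Common mistake: RDP opened to the whole subnet instead of the single guest.
LOOSE = [Rule("permit", "tcp", LAN, 3389),
         Rule("deny", "any", LAN, None)]

def audit(rules):
    """Return exposures other than TCP/3389 on the guest (empty set = pass)."""
    return exposure(rules, LAN, PROBE_PORTS) - {(GUEST, "tcp", 3389)}

if __name__ == "__main__":
    for name, rules in (("TIGHT", TIGHT), ("LOOSE", LOOSE)):
        print(name, "unintended paths:", len(audit(rules)))
```

An empty result from `audit` means the ruleset exposes nothing beyond RDP on the guest; the subnet-wide rule fails because it opens RDP on every other host on the LAN.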